Phishing and Spoofing, the New Frontier of Banking Scams

With digitalisation, the possibility of online scams by cybercriminals is becoming increasingly common. One of the main practices carried out by these individuals is undoubtedly banking phishing, a fraudulent technique executed through messages, emails, or phone calls with the aim of deceiving victims into disclosing their banking credentials, thus allowing wrongdoers to withdraw funds from their accounts. Therefore, it is a form of banking fraud perpetrated by individuals who, in most cases, can be particularly challenging to identify as they hide behind fictitious identities and through specific software, falsely assume the guise of banking institutions.
 
Over time, scammers have implemented additional techniques aimed at deceiving victims even more subtly; among these, Smishing can be mentioned, which uses SMS messages to send fraudulent alerts leading the victim to click on malicious links or disclose sensitive information. Whaling, on the other hand, is a particularly complex form of phishing targeting high-profile profiles, such as a CEO, a financial director, or a managerial partner, against whom attackers use manipulative social engineering techniques through personalised emails containing personal data.
 
Among the practices that have become more widespread in recent years, there is undoubtedly Spoofing, through which scammers manage to faithfully reproduce phone numbers, emails, or websites identical to the originals, quickly gaining the trust of unsuspecting customers and playing on a fictitious alert situation to induce the victim to provide banking data or transfer substantial sums of money.
 
Given the difficulty of tracing the author of such a scam, committed by an individual with advanced computer skills and often resulting in the transfer of money to foreign bank accounts, it is inevitable that private compensation claims focus on the bank, whose responsibility must be assessed on a case-by-case basis.
 
The individual who is the victim of such a banking scam, with the assistance of a lawyer, can file a complaint with the ABF (Banking and Financial Ombudsman), the main out-of-court dispute resolution system between banks and customers. The ABF typically adjudicates on complaints within six months, and if accepted, it orders the bank to return the unlawfully processed sum to the customer. Based on the jurisprudential evolution in this matter, the burden of proof of the user's negligence lies with the bank, which must demonstrate that it has implemented all suitable security measures to protect the customer.
 
Specifically, with ruling no. 13204 of 2023, the Court of Cassation ruled that it is the bank's responsibility, requiring a diligence of a technical nature to be evaluated with the parameter of the prudent banker, to provide evidence of the operation's attribution to the customer. The premise of this principle lies in the necessity of ensuring adequate security in the banking system for customers, with the consequence that it will be the bank itself that must prove the customer's fraud or gross negligence.
 
Giambrone & Partners, through its dedicated department composed of a multi-jurisdictional team of experts in banking, civil, and criminal matters, provides assistance and consultancy in all cases of banking fraud, both judicial and extrajudicial, with the aim of recovering fraudulently withdrawn sums.